Re: [W3af-users] W3af clamav.py

Tue, 29 Jul 2014 23:42:27 -0700 

Ah ok so it means it is not scanning the full website.

Thanks andres
On Jul 30, 2014 2:26 AM, "Andres Riancho" <andres.rian...@gmail.com> wrote:

> Aman,
>
> On Tue, Jul 29, 2014 at 5:05 PM, Aman Thakur <aman.thakur.1...@gmail.com>
> wrote:
> > Hi Guys,
> > Good Day!!
> >
> > I am trying to scan a website for malware using the clamav.py grep
> plugin. I
> > wanted to confirm if i am doing it right or not.
> > What is did is this:
> >
> > $ w3af_console
> > w3af>> plugins
> > w3af/plugins>> grep clamav
> > w3af/plugins>> crawl web_spider
> > w3af/plugins>> output console
> > w3af/plugins>> back
> > w3af>> target
> > w3af/config:target>> set target mydomain.com
> > w3af/config:target>> back
> > w3af>> start
> >
> > Then it prints the output something like:
> > Using ClamAV 0.98.1/19240/Tue Jul 29 18:39:04 2014 for scanning HTTP
> > response bodies.
>
> This shows that your clamavd setup is correct
>
> > Found 1 URLs and 1 different injections points.
> > The URL list is:
> > - http://mydomain.com/
> > The list of fuzzable requests is:
> > - Method: GET | http://mydomain.com/
> > Scan finished in 26 seconds.
>
> And this shows that only the web root is being scanned. This might be
> because any number of reasons:
>  * The page redirects to https, w3af won't follow anything outside the
> defined target protocol+domain
>  * The page uses lots of Flash/JavaScript
>  * The web root HTML triggers some issue in w3af's crawler
>
> > Stopping the core...
> >
> >
> > I wanted to confirm that is it scanning the whole website? or it is only
> > scanning he home page??
> >
> > Thanks
> >
> > With Regards
> > Aman Thakur
> >
> >
> ------------------------------------------------------------------------------
> > Infragistics Professional
> > Build stunning WinForms apps today!
> > Reboot your WinForms applications with our WinForms controls.
> > Build a bridge from your legacy apps to the future.
> >
> http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
> > _______________________________________________
> > W3af-users mailing list
> > W3af-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/w3af-users
> >
>
>
>
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3
>

------------------------------------------------------------------------------
Infragistics Professional
Build stunning WinForms apps today!
Reboot your WinForms applications with our WinForms controls. 
Build a bridge from your legacy apps to the future.
http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users

Reply via email to